Hi, A traceroute from the monitor to my server goes over ntt.net from USA, to NL.
The route from my system to the monitor goes over cogentco.com from NL to USA-LAX. Tcpdump shows my server gets requests from the monitor and sends replies. Last Friday I spoke to a security officer of a large bank. That person is amongst others responsible to handle DDoS attacks. He told (and showed) me NTP monlist is still used very often in a DDoS. This is no real surprise as a hacker that gains root permissions on a Linux box can easily enable monlist. To them NTP is very efficient... I hope the large network operators will allow the packages with 48 bytes of UDP payload whenever the filter udp port 123, instead of filtering it all. Kind regards, Arnold On 21-05-17 21:49, Marco Senft wrote: > Hi Lucas, > >> [...] >> As far as the claim that the problem inherently resides with the monitoring >> node because of RIPE Atlas probes goes, that would be foolish to say the >> least. Peering issues are a very real thing. Only the windows desktop had a >> missed probe on one of the hops (timed out) and the hop before and after it >> were with the same network (Comcast, who is my ISP). > > Well, as far as I understand from the conversation so far, nobody blamed the > monitoring node for the problems. I completely agree with you that a > peering/routing issue is most probably the root cause of it. However that's > just an educated guess, the only thing we can tell for sure is that the > monitoring incorrectly states many servers as being unreachable. > >> I'm really inclined to suspect transatlantic issues at this time. If someone >> has >> a server they can probe over into the UK from somewhere like Ashburn, >> Virginia: please probe with a traceroute over IPv6. North America Peering >> seems solid at the moment. > > ntplax7.ntppool.net resolves to 2607:f238:2::17, which belongs to AS7012. > Unfortunately, that AS does not seem to host any (public) Atlas probes. I > created two more measurements pinging and tracerouting the monitoring system > only from probes located within the US: > https://atlas.ripe.net/measurements/8759687/#!probes > https://atlas.ripe.net/measurements/8759888/#!probes > Apparently not only transatlantic connections are affected, but also peerings > within the USA. Whatever the reason is, I hope somebody takes care of this > ASAP. > > Cheers, > marco > _______________________________________________ > pool mailing list > [email protected] > http://lists.ntp.org/listinfo/pool > > _______________________________________________ pool mailing list [email protected] http://lists.ntp.org/listinfo/pool
